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© IC CARD SYSTEM HAVING FUNCTION OF CONFIRMING DESTROYED DATA. 



< 
CO 

CO 
CO 



LU 



© An IC card contains an IC chip including a 
cipher processing circuit in addition to an ordinary 
data record processing circuit, and further possesses 
a magnetic or optical data recording portion provided 
on the card. In the magnetic or optica! data record- 
ing portion on the IC card are recorded data at the 
time of initialization and at the final transaction in a 
predetermined enciphered form by the cooperation 
of an initializing terminal unit, a transaction terminal 
unit and the IC chip in the IC card. In case the data' 
recorded in the IC chip in the IC card are destroyed, 
a confirmation terminal unit decodes the data re- 
corded on the magnetic or optical data recording 
portion to make sure their validity. When it is con- 
firmed that the data decoded by the confirmation 



terminal unit are valid, the initialization terminal unit 
restores them in a new IC card. 
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[TECHNICAL FIELD] 



The .present invention relates to an IC card 
system and, in particular, an IC card system of 
such a type that, even if, upon the use of an IC 
card as a "prepaid" card for instance, data is found 
to be destroyed owing to a damaged IC chip, etc., 
data items, such as a "prepaid" balance, recorded 
in the IC card can be identified by the IC card and 
the terminal in a self-solving way without using any 
large-scaled on-line system and restored with ad- 
ded safety. 

[Background Art] 

A prepaid card, such as a conventional prepaid 
telephone card, is not safe from the standpoint of 
security, such as the protection of secret data and 
prevention of tampering. In the conventional pre- 
paid card system, when data items in the prepaid 
card are maliciously or inadvertently destroyed by 
a card owner or any third party, there is no safe 
countermeasure for restoring data oh a "prepaid" 
balance. 

An IC card equipped with an IC version of a 
data storing/processing circuit is outstandingly su- 
perior to other cards form the standpoint of secu- 
rity, such as the protection of secret data and 
prevention of the tampering of data. 

There is a relatively high possibility that, be- 
cause such an IC chip is embedded in a plastics 
card, data items in the card will be destroyed, not 
to mention a damage to the IC itself. Further, in the 
event of the data items being destroyed in the 
card, it is not possible to identify date, such as a 
"prepaid" balance. Even if any dispute arises be- 
tween a card owner and a card issuing person in 
connection with the "prepaid" balance, there has 
been no effective solution to such a problem. 

There is, therefore, a growing demand for iden- 
tifying and restoring data items in the IC card 
system as set out above. An effective measure, 
therefore, is necessary to readily identify damaged 
data without using any large-scatled on-line system 
and to prevent any possible misuse upon the re- 
issuing of an IC card. 

[Disclosure of Invention] 

It is an object of the present invention to pro- 
vide an improved IC card system in which final 
transaction data items, once disturbed by encryp- 
tion, are recorded in a magnetic or optical data 
recording unit whereby, when data items in the IC 
card are destroyed, the recorded data items are 
read out of the data recording unit to enable the 
read-out data items to be readily identified for their 



truth. 

Another object of the present invention is to 
provide an IC card system which, when data items 
read out of a magnetic or optical data recording 
s unit is proved true, restores the true data items in a 
new IC card. 

According to the present invention, there is 
provided on IC card system for enabling data 
which is stored in an IC card equipped with an IC 
10 chip area and a magnetic or optica) data recording 
area at its predetermined area to be authenticated 
in cooperation with a predetermined terminal, the 
system characterized by comprising: 

a first unit for enabling data which is asso- 
75 ciated with a final transaction by the IC card to be 
subjected to a predetermined processing, including 
an encryption processing, by a predetermined data 
process made between an encrypting area stored 
in an IC area of the IC card and a read/write unit in 
20 a terminal for identification and between the 
read/write unit and a common processing units; 

a second unit for enabling data which is sub- 
jected by the first means to the processing to be 
transferred to the magnetic or optical data record- 
25 ing area via the read/write unit on the terminal and 
to be recorded there; and 

a third unit for enabling the processed data 
associated with the final transaction which is re- 
corded on the magnetic or optical data recording 
30 area to be subjected to a predetermined re-pro- 
cessing, including a decryption processing at the 
read/write unit and common processing unit, when 
the data in the IC area of the IC card is destroyed, 
and for authenticating truth of the data. 
35 According to another aspect of the present 

invention, an IC card system includes a fourth unit 
which, when the truth of the data re-processed by 
the third unit is authenticated, transfers that data 
from the terminal for identification to the terminal 
40 for initialization and restores it into a new card. 

In summary, the present IC card system com- 
prises: 

a first unit for performing a predetermined data 
processing, including an encryption processing, rel- 
45 ative to an initializing or transaction terminal in 
cooperation with an IC card and an code prepara- 
tion unit in the IC card; 

a second unit for recording final transaction 
data in a magnetic or optical data recording area of 
so the IC card after it has been disturbed by a pre- 
determined code; and 

a third unit for decrypting the data of the 
recording unit by the identifying terminal, when it is 
needed fdr restoration, so that it is identified for 
truth. The present IC card system further com- 
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prises a fourth unit which, when the data is proved 
true, enables data on a "prepaid" balance, etc., to 
be restored by the initializing terminal for re-issuing 
of a new IC card. 

In the IC card system as set out below, when 
an IC chip of the IC card is inaccessible due to its 
damage, etc., the card owner requests the card 
issuing person to restore data on, for example, a 
"prepaid" balance so that it is re-issued. 

The card issuing person re-processes final 
transaction data of the magnetic or optical data 
recording area through decryption with the use of 
an identifying terminal, for example, a card owner's 
built-in code function F and code key and prepares 
an identification code and compares it with an 
identification code which is read, as a to-be-re- 
processed data, out of the magnetic or optical data 
recording area. If there is a coincidence between 
the two, the card issuing person authenticates it as 
being true, restores the final transaction data and 
issues a novel IC card. 

[Brief Description of the Drawings] 

Figs. 1 to 3 show an IC card system according 
to one embodiment of the present invention, Fig. 1 
showing a state of a connection between an initial- 
izing terminal and an IC card as well as a data 
transfer between them and its control, Fig. 2 show- 
ing a state of a connection between a transaction 
terminal and an IC card as well as a data transfer 
between them and its control, and Fig. 3 showing a 
state of a connection between the IC card and an 
identifying terminal for identifying data of a mag- 
netic or optica! data recording area when data once 
stored in the IC card, if damaged, is restored, as 
well as a data transfer between the iC card and the 
terminal and its control. 

[Best Mode of Carrying Out the Invention] 

An IC card system according to one embodi- 
ment of the present invention wili be explained 
below with reference to the accompanying draw- 
ings. 

Fig. 1 shows a state of a connection between 
an initializing terminal unit T1 and an IC card 20 
and a data transfer between the two and its control 
which constitute one aspect of a restoration device 
of the present invention. 

An initializing terminal unit T1 which is placed 
under complete control of an IC card issuer as his 
or her agent includes an input/output unit 1 1 , com- 
mon treating units 12 and read/write unit 13. The IC 
card 20 is initialized by the terminal T1 and handed 
over to a specific person who becomes a card 
owner. 

The IC card 20 to be used by the card owner 



includes a magnetic/optical data recording area 21 
and IC chip area 22. 

The IC chip area 22 includes, in addition to an 
ordinary data storing/processing unit, a circuit (a 

5 code preparing unit) for processing a code function 
(F), both of which are absolutely inaccessible from 
an outside. A code key KUC which is unique to the 
IC card 20 is accessible by only a specific termi- 
nal, etc., which is owned or designated by a card 

w issuer, and is initially stored in a chip area 22 of 
the IC card. 

Those items of issuing data (that is, issuing 
data TD (1)) as input from the input/output unit 11 
in the terminal unit T1 or automatically generated 
75 from the processing unit 12 oxi stored as initial 
history data into the IC ship area 22 of the IC card 
20 from the read/write unit 13 in the initializing 
terminal unit T1, the items of data containing the 
data of issuing, piace-of- issuing (initializing terminal 
20 ID) code, amount of money received upon issu- 
ance, a "prepaid" balance upon issuance, etc. 

A symbol (1) in the issuing data TD (1) repre- 
sents the transfer of data on the drawing sheet. 
The same thing can be applied to those items of 
25 data and code as will be set forth beiow. 

The data TD (1) and authentication code 
(hereinafter referred to as [identification code TC 
(2)] generated based on the data TD (1) are regis- 
tered in the magnetic/optical data storing area 21 of 
30 the IC card 20. 

The identification code TC (2) is a multi-digit 
code uniquely determined by the issuing data TD 
(1), that is, a result of an arithmetic operation 
obtained in accordance with a function F using the 
35 code key KUC and transaction data TD (1), the 
function F being incorporated into the chip area 22 
in the IC card 20. The code TC (2) is taken into the 
IC card via the read/write unit 13 in the terminal 
unit T1 . 

40 The terminal unit T1 encrypts the identification 

code TC (2) together with the data TD (1) and 
delivers it via the read/write unit 13 to the magnetic 
or optical data recording unit 21 where it is stored. 
A relation among the code function F, data TD, 

45 identification code TC and code key KUC is repre- 
sented by: 

TC = F(TD ( KUC) 

50 Fig. 2 shows a data transfer, that is, goods or 

services transferred, by a prepaid action, with the 
use of a user IC card UC which has been given to 
the card owner after initialization. 

Fig. 2 shows the case where a card owner 
55 insert or loads the user IC card UC into a transac- 
tion terminal unit TT as installed at a shop and 
street corner. 

Those items of transaction data (hereinafter 
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referred to as transaction data TD (1) for the sake 
of convenience) entered from an output section (an 
input/output unit 11 A) of the transaction terminal TT 
or automatically generated from a common control 
unit 12A are added to a history at a time of card 
issuance, or updated via a read/write unit 13A, the 
transaction data containing a transaction data, site- 
of-transaction (terminal) code, amount of transac- 
tion, "prepaid" balance, prepayment and so on and 
being the same format as that of the aforemen- 
tioned issuing data TD (1). 

Transaction data TD (1) involved in a final 
transaction as well as an authentication code 
(hereinafter referred to as an identification code TC 
(2) for the sake of convenience) generated in the 
same format as that of the identification code TC 
(2) is encrypted via the read/write unit 13A and 
written into a magnetic/optical data storing area 
21 A in the user IC card UC. 

Although a step of charging or receiving a 
price or a payment for goods and services, by a 
goods/services provider or an agent, as a result of 
a transaction is omitted for brevity's sake, it is done 
in the process substantially the same as set forth 
above. 

Let it be assumed that data in the chip area 
22A in the user IC card UC cannot be read out due 
to a breakage, etc., of the IC chip area 22A and 
that a transaction fails to continue owing to a 
"prepaid" balance being placed in an inaccessible 
state. 

In this case, the owner of the user IC card 
presents a defective IC card UC to the card issuing 
person or his or her agent, claiming that a 
"prepaid" balance should be guaranteed. The card 
issuing person or his or heragent handles a restor- 
ing terminal TA as shown in Fig. 3 in accordance 
with the claim of the card owner an'd restores and 
identifies that "prepaid" balance. The card issuing 
person or his or her agent takes a proper step, 
such as the reissuing of an IC card to guarantee 
the "prepaid" balance. 

That is, on the side of the card issuing person 
or his or her agent, a code key kUC of the user IC 
card UC is arithmetically operated on by the termi- 
nal TA in accordance with a secret key KAC and 
the same function F as a code function built in the 
user IC card UC of the card owner as well as a 
card recognition data recorded in magnetic or op- 
tical data recording unit 21 B inscribed in the IC 
card, noting that the key KAC and function F can 
be stored in an authentication-only IC card so as to 
further enhance a security' level. An identification 
code TC (3) is generated, in the same way as set 
out above, form the code key KUC thus obtained 
and transaction data TD (1) in those items of data 
read out of the magnetic or optical data recording 
area 21 B. This identification code (3) is compared 



with an identification code TC (2) in those data 
items which are read out of the magnetic or optical 
data recording area 21 B. 

If a coincidence occurs as a result of compari- 
s son, the transaction data TD1 in the data items 
read out of the magnetic or optical data recording 
area 21 A can be regarded as being not maliciously 
altered by something. 

The card issuing person or his or her agent 
io performs an issuing operation of a new IC card 20 
(UC), in accordance with the sequence as set out 
in connection with Fig. 1, with the use of a 
"prepaid" balance on a final transaction in the 
read-out transaction data TD (1 ). 
75 Although the present embodiment has been 

explained in connection with the present invention, 
when the transaction terminal TT delivers transac- 
tion data TD (1) and identification code TC (2) to 
the magnetic or optical data recording area, TD (1) 
20 and TC (2) are encrypted as a whole for enhanced 
security to place an encrypted one generally under 
an inaccessible state and encryption is done prior 
to the process of restoring and identifying data, 
such as a "prepaid" balance, regarding a final 
25 transaction by the terminal TA This modification 
constitutes an extension and hence another ap- 
plication which is covered by the present invention. 

The IC card system of the present invention is 
operated as set out above. That is, the final trans- 
30 action data of the IC card, once disturbed by the 
code, is registered in the magnetic or optical data 
recording area. It is, therefore, difficult for any 
malicious person to read out the final transaction 
data. Even if the data is tampered with, identifica- 
35 tion can be made, upon request by the IC card 
owner, on the card issuing person's side whether 
or not the data in the magnetic or optical recording 
area is tampered with. Since data, such as a 
"prepaid" balance cannot be restored in a new IC 
40 card unless the card owner confirms the truth of 
the data, it is possible to prevent any misuse of the 
card upon re-issuing of it. 

Since the present IC card system has the 
features as set out above, if the card owner asks 
45 the card issuing person to replace a damaged card 
by a new one, the person can readily confirm the 
truth of fina! transaction data in the IC card without 
using any large-scaled on-line system and re-issue 
a new IC card with a restored true "paid" balance, 
so etc., registered therein, preventing any trouble from 
arising between the card issuing person and the 
card owner. The present IC card system ensures 
high security and hence very high satefty. 

55 [Industrial Applicability] 

The present invention can be applied to an IC 
card system, in general, performing, for example, 
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an individual authentication, data management and 
credit transaction. 

Claims 

1. An IC card system for enabling data which is 
stored in an !C card equipped with an !C chip 
area and a magnetic or optical data recording 
area at its predetermined area to be authen- 
ticated in cooperation with a predetermined 
terminal, the system characterized by compris- 
ing: 

first means for enabling data which is con- 
tained in connection with a final transaction by 
the IC card to be subjected to a predetermined 
processing, including an encryption process- 
ing, by a predetermined data process made 
between an encrypting area stored in an IC 
area of the IC card and a read/write unit in a 
terminal for identification and between the 
read/write unit and a common processing unit; 

second means for enabling data which is 
subjected by the first means to the processing 
to be "transferred to the magnetic or optical 
data recording area via the read/write unit on 
the terminal and to be recorded there; and 

third means for enabling the processed 
data associated with the final transaction which 
is recorded on the magnetic or optical data 
recording area to be subjected to a predeter- 
mined re-processing, including a decryption 
processing at the read/write unit and common 
processing unit, when the data in the IC area 
of the IC card is destroyed, and for authen- 
ticating truth of the data. 

2. The system according to claim 1, character- 
ized by further comprising fourth means which, 
when the truth of the data re-processed by 
said third means is authenticated, transfers that 
data from said terminal for identification to said 
terminal for initialization and restores it into a 
new IC card. 

3. The system according to claim 1, character- 
ized in that said authenticated data contains 
data on a prepaid balance. 



tain in connection with a final transaction by 
the IC card to be subjected to a processing 
with a transaction authentication code gener- 
ated in accordance with a code function and 

s authentication individual key specific for the IC 

card, the processing being done through a 
predetermined data processing made between 
a common processing unit and the read/write 
unit in a terminal for initialization or for transac- 

10 tion. 

second means for enabling data which is 
subjected by the first means to the processing 
to be transferred to the magnetic or optical 
data recording area via the read/write unit on 

75 the terminal and to be recorded there; and 

third means for enabling the processed 
data associated with the final transaction which 
is recorded on the magnetic or optical data 
recording area to be checked for truthness with 

so the use of a code or decording function of the 

read/write unit and common processing unit, 
when the data in the IC area of the IC card is 
destroyed. 

25 2. (Amended) The system according to claim 1, 
characterized by further comprising fourth 
means which, when the truth of the data 
checked by said third means is authenticated, 
transfers that data from said terminal for iden- 

30 tification to said terminal for initialization and 

restores it into a new IC card. 

3. The system according to claim 1, character- 
ized in that said authenticated data contains 
35 data on a prepaid balance. 
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Amended claims 

50 

1. (Amended) An IC card system for enabling 
data which is stored in an IC card equipped 
with an IC chip area and a magnetic or optical 
data recording area at its predetermined area 
to be authenticated in cooperation with a pre- 55 
determined terminal, the system characterized 
by comprising: 

first means for enabling data which is con- 
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